Share this story

In the wake of former CIA Director David Petraeus’ sex scandal—uncovered largely through the disclosure of explicit e-mails between him and his mistress—the Senate Judiciary Committee passed a new amendment to the Electronic Communications Privacy Act on Wednesday.

The bill as it stands now (PDF) would require a warrant by law enforcement agencies before they can go digging through e-mail, social networking posts, and other data stored on cloud-based services. If it passes both houses of Congress and is signed by the president, it would mark an important shift in privacy protection for electronic communications. As we’ve reportedforsometime now, those protections (or lack thereof) are woefully out of date.

Sen. Patrick Leahy (D-VT) has been the driving force behind ECPA reform and first proposed similar revisions back in 2011, but they were never brought to a committee vote.

“Three decades after the enactment of ECPA, Americans face even greater threats to their digital privacy, as we witness the explosion of new technologies and the expansion of the Government’s surveillance powers,” Leahy said during the mark up. “Today, the Committee has an important opportunity to begin to address this privacy challenge.”

As we previously wrote, when Congress passed the 1986 Electronic Communications Privacy Act (ECPA), massive online storage of e-mail was essentially unimaginable. It was presumed that if you hadn’t actually bothered to download your e-mail, it could be considered "abandoned" after 180 days.

By that logic, law enforcement would not need a warrant to go to the e-mail provider or ISP to get the messages that are older than 180 days; police only need to show that they have "reasonable grounds to believe" the information gathered would be useful in an investigation. Oddly, that essentially means that postal mail has greater protection than your e-mail inbox.

Privacy watchdogs have also lauded the committee’s vote.

"This is an important gain for privacy. We are very happy that the committee voted that all electronic content like emails, photos and other communications held by companies like Google and Facebook should be protected with a search warrant," Chris Calabrese, legislative counsel for the American Civil Liberties Union, added in a statement. “We believe law enforcement should use the same standard to search your inbox that they do to search your home.”

Share this story

Cyrus Farivar
Cyrus is a Senior Tech Policy Reporter at Ars Technica, and is also a radio producer and author. His latest book, Habeas Data, about the legal cases over the last 50 years that have had an outsized impact on surveillance and privacy law in America, is out now from Melville House. He is based in Oakland, California. Emailcyrus.farivar@arstechnica.com//Twitter@cfarivar

In the wake of former CIA Director David Petraeus’ sex scandal—uncovered largely through the disclosure of explicit e-mails between him and his mistress—the Senate Judiciary Committee passed a new amendment to the Electronic Communications Privacy Act on Wednesday.

Yet when it only involved us peon citizens, it was perfectly ok for the police to ignore our rights.

In the wake of former CIA Director David Petraeus’ sex scandal—uncovered largely through the disclosure of explicit e-mails between him and his mistress—the Senate Judiciary Committee passed a new amendment to the Electronic Communications Privacy Act on Wednesday.

Yet when it only involved us peon citizens, it was perfectly ok for the police to ignore our rights.

It is not that they were ignoring our rights, they were following the law. The problem is the law was not keeping up with the technology.

Yeah this smells fishy. Why now? Only after Petraeus got busted? Was it only then that the higher ups realized how easily they could be busted?

I'm not gonna lie, the system we (the US) have is one of the best in the world, but it's stuff like this that makes me realize it's not as "by-the-people, for-the-people" as the hype would have us believe. If it were, this would have been enacted long ago, when called for by privacy advocates and after coming up in other prominent news cases. Only when one of the ruling class, one of the privileged, got burned did they realize what a huge issue this was.

A traffic light doesn't get installed at an intersection until people start dying. Until the problem effects them personally, they don't care how it affects others, including their constituents who they claim to represent. The only thing they answer to is fear.

I'm not gonna lie, the system we (the US) have is one of the best in the world, but it's stuff like this that makes me realize it's not as "by-the-people, for-the-people" as the hype would have us believe.

Obligatory:

Democracy is the worst form of government except for all those others that have been tried.- Winston Churchill

In the wake of former CIA Director David Petraeus’ sex scandal—uncovered largely through the disclosure of explicit e-mails between him and his mistress—the Senate Judiciary Committee passed a new amendment to the Electronic Communications Privacy Act on Wednesday.

Yet when it only involved us peon citizens, it was perfectly ok for the police to ignore our rights.

It is not that they were ignoring our rights, they were following the law. The problem is the law was not keeping up with the technology.

The 4th Amendment already covers unreasonable searches and seizures. So the "law" that said police had a right to search without a warrant was/is blatantly wrong.

Point being, nothing got done about it until some politician got busted. That's about the only time the law is at parity between us and them.

In the wake of former CIA Director David Petraeus’ sex scandal—uncovered largely through the disclosure of explicit e-mails between him and his mistress—the Senate Judiciary Committee passed a new amendment to the Electronic Communications Privacy Act on Wednesday.

Yet when it only involved us peon citizens, it was perfectly ok for the police to ignore our rights.

It is not that they were ignoring our rights, they were following the law. The problem is the law was not keeping up with the technology.

Well, it was more that they were following a gross misinterpretation of the law. Kind of like when you get convicted of killing someone and serve your time, then find out the person isn't dead, so you kill them because Double Jeopardy says you can't be convicted of the same crime twice. (See the movie, Double Jeopardy.)

The one thing that really bugged me about the Patreus story was the part concerning how they used the draft folder, carrying on conversations by unsent emails. The practice, reportedly, was seen being used by Al Qaeda operatives. In and of itself, not a scary practice. The real hair raising point was the reporting by officials, and forgive me for forgetting the exact wording used but, that this practice is quite obvious. The choice of words used made it sound like they're actively scanning webmail services for such activity.

I would much prefer to see all documentation and communications treated the same. This helps, a lot, but it should be extended to SMS, IM, etc. (If the draft from the committee doesn't allready; I don't have time right now to look it up and read it.)

I'm fine with police being able to look through whatever the hell they want, given proper judicial approve or certain common sense exceptions (e.g. there's a certain loss of privacy inherent to posting in an Ars thread, so there would be no need for a warrant).

I'm not gonna lie, the system we (the US) have is one of the best in the world, but it's stuff like this that makes me realize it's not as "by-the-people, for-the-people" as the hype would have us believe.

Obligatory:

Democracy is the worst form of government except for all those others that have been tried.- Winston Churchill

Agreed, no need to get defensive. I just meant to say that sometimes I think those who govern the people forget to empathize and remember what it's like for the little guy. They get a little full of themselves and a certain bit of their own excrement don't stink. The question "Why should we do this for them?" becomes easier to answer when it is, instead "Why shouldn't we do this for us?"

This really is hilarious. Ars should add a "humor" tag in addition to the "government" one.

"Oh SH**! I didn't even think to bother using a separate account and pseudonym when communicating with my mistress(es), let alone all of that fancy 'save as draft' stuff, and he still got caught! MUST. PASS. LAW. NOW." —Half of the US House and Senate.

I bet a lot of young interns in Congress have gotten some awkward questions from their bosses over the past few weeks: "uh, hey, whatever-your-name-is, how do I, uh, permanently delete gmails? Really permanently. Like, even if someone like---well, let's say even the FBI as an example, you know [awkward chuckle] were looking through it, would there be a way for me---err, 'someone'---to kind of 'super delete' certain emails? Just, you know, curious about that. Could you get back to me ASAP, though? thx"

So, stop using Google search and other "free" Google services, like e-mail? Not really all that difficult. Nothing is free. Set up your own e-mail server and maintain it. All you need is the cheapest of PC's and a free linux distro.

Seriously, you want to protect my inbox? Make spamming a death penalty offence. The gov't can look through my email all they want, track all those freaking spammers and terminate with extreme prejudice.

The one thing that really bugged me about the Patreus story was the part concerning how they used the draft folder, carrying on conversations by unsent emails. The practice, reportedly, was seen being used by Al Qaeda operatives. In and of itself, not a scary practice. The real hair raising point was the reporting by officials, and forgive me for forgetting the exact wording used but, that this practice is quite obvious. The choice of words used made it sound like they're actively scanning webmail services for such activity.

It's obvious once you're actively scanning the account. They were actively scanning the account in this case because they backtraced threatening emails to this account. That was part of the investigation of a criminal complaint. This is how the law is SUPPOSED to work.

Nothing like public embarrassment of high level officials in government to cause a shift in policy. It's sad that it has taken this long for them to act, they should've also issued a public apology for that as well.

Well, it was more that they were following a gross misinterpretation of the law. Kind of like when you get convicted of killing someone and serve your time, then find out the person isn't dead, so you kill them because Double Jeopardy says you can't be convicted of the same crime twice. (See the movie, Double Jeopardy.)

Please don't get your understanding of the law from movies or TV; they usually portray the way the law works as well as they portray what "hacking" is like. That movie is horribly written fiction, and not how the law works. Double jeopardy protects you from being prosecuted for the SAME crime twice, so if you are convicted or acquitted you can't be charged for that particular murder again. If you are convicted of killing someone in the PAST and they turn out to still be alive killing them NOW is a DIFFERENT crime and you can be prosecuted for it.